Windows Media Player and DVD viewing privacy

Windows Media Player (WMP) 8.0, which is included with Windows XP, added the capability of watching DVD movies to Windows XP by default. When a DVD movie is played by WMP 8.0 an HTTP GET request goes out over the Internet to get title and track information from a Microsoft database. [Clarification: The database is not owned by Microsoft, but requests do go to Windowsmedia.com, which is a Microsoft-owned domain.] The request includes a unique identifier for Windows Media Player based on an anonymous cookie which cannot be used to track down a user. That DVD track and title information, once retrieved, is stored in a local binary file:

(The last piece of the filename may differ.)A similar process happens when CD media is played.

Microsoft has responded to questions regarding this practice, and suggests that the process can be stopped by either disabling all cookies in Internet Explorer or choosing to “Work Offline” in Windows Media Player. However, working offline in WMP causes Internet Explorer to also be in offline mode, which is inconvenient for users. Microsoft says that it is updating its privacy policy to make users more aware of this practice. MS also have stated that it is not using any of the information requests to collect data for a “most viewed DVD list” or something of the sort, even in an aggregate manner.

There is a question of whether the looking up of title and track information for DVD movies is even necessary or useful, as most DVD discs contain such information already, whereas CD-audio discs typically do not. A lookup to a Microsoft database for CD audio tracks is potentially far more useful to users than a DVD movie lookup. [Note: DVD track information is often stored in non-standard formats, so the lookup can actually be useful.] Also, since the data is stored locally, there is the potential of multiple computer users seeing the history of CD audio and DVD movies viewed on their computer. This is not as much a problem for CD audio, but not everyone wants to leave a trail of the DVDs they may watch with explicit sexual and violent content.

ROB'S OPINION
You can certainly argue that this DVD data exchange and potential anonymous data collection is not harmful in the manner that it is being done. I'm sure some commenters will, but that is not the point here.

If you look at Microsoft's response to the issue, the company is not offering proper customer service. The methods of disabling this “feature” are very inconvenient: working offline or disabling all cookies. There should be a patch issued that allows users to decide whether the DVD lookups are done, and whether a log is kept on the local hard disk. If you have an argument that this data is not harmful, please address that point. It's simple customer service.

The quiet communication between a Microsoft server and its software over the Internet is in itself a privacy violation, regardless of what communication actually happens. Anytime a program does something over the Web on my computer, I want to know what's going on, and I want it disabled by default–or at least give me the choice during program install, alert me of the communication, and let me make the choice of whether to enable the feature with a full disclosure of the communication. That's a very, very simple privacy guideline that all software makers should strictly adhere to. Based on Microsoft's current response, it is not planning to change WMP, but only the privacy policy. Does anyone read privacy policies? Microsoft sold 17 million copies of Windows XP last month.

This is not a Microsoft vs. Linux debate, but rather I'd like to see Microsoft do the right thing here and follow the privacy policy that Bill Gates himself touted:“Users should be in control of how their data is used…Policies for information use should be clear to the user. Users should be in control of when and if they receive information to make best use of their time.”

Update:I thought I'd break this statement down and offer comments regarding this issue. I also updated a few factual things from the News portion of the item, but they don't change these specific points:1. “Users should be in control of how their data is used.” Users have limited control of data collection in this scenario by disabling key features of their software (working offline/cookies). Technically, they have no specific control of how the data is used, other than Microsoft's word that it won't be used in any bad way. The only real control here as I see it is being able to easily disable the DVD title/track request feature.

2. “Policies for information use should be clear to the user.” Microsoft is updating its privacy policy in regards to this issue. I'm not sure if that really makes it crystal clear or not, but MS has taken action, which is appreciated on this point.

3. “Users should be in control of when and if they receive information to make best use of their time.” We are not really in control here of receiving the track/title listings, other than disabling cookies or working offline all the time, which is very inconvenient. To be in control, I'd really like to see an option to disable the DVD title/track lookup. That's “control” as I define it.

USER COMMENTS 51 comment(s)

I have a solution!(2:16pm EST Thu Feb 21 2002)Firewall. – by F. Theilig

Can this program be spoofed?(2:18pm EST Thu Feb 21 2002)

I love changing around cookies.

Now I can show Microsoft just what kind of Porn freak I really am.

– by ETA HININ

Great(2:23pm EST Thu Feb 21 2002)So, “work-offline” or disable cookies. What a joke! Doing either will break some other functionality. Personally, I'm not alright with the waste of disk space used to create all of these garbage “log what you've already done” files. They're completely useless. Why can't I get some decent logging of other stuff in M$ Windows? I could use an operating system that I could troubleshoot more easily. Oh yeah, that's right, M$ takes the “personal” out of personal computer.

Once again. What a joke! – by PRFunky

To my knowledge…(2:39pm EST Thu Feb 21 2002)This is in direct violation of the finnish privacy-laws – by Janne

Rob is 100% correct(2:43pm EST Thu Feb 21 2002)In addition, as I plan on typing into my game page tonight, “Yes, folks, Microsoft is guilty of stealing your data. Even though unauthorized access to computing equipment is a felony…”

It doesn't matter if it's right or wrong, it's a FELONY. They are crhacking into your computer to STEAL your data, no different than if you were to plant a trojan in their systems to steal trade secrets- it's the same thing.

Don't count on Bill's buddy John to prosecute, though! – by steve

um, so then….(2:43pm EST Thu Feb 21 2002)why don't you just use something OTHER than WMP to play your DVDs? Personally, I can't imagine using WMP over WinDVD or any other prog that comes with your dvd-rom to play DVDs, especially after seeing the info it sends.– by and then…..?

Sorry steve…(3:10pm EST Thu Feb 21 2002)It's only a felony when YOU do it. Laws against stuff aren't meant to be against a corporation doing something. They're meant to be against you doing something to the corporations.

Did anyone think the honorable Ken Lay would lie about the condition of Enron??

LIARS!! All of them.. d:P – by Geekzilla

Exactly what Bill was talking about.(3:39pm EST Thu Feb 21 2002)It was stuff like this that prompted the call for change. The development team might think it's a great feature to web-enable the product so that it automatically provides you with info! .. but then the user isn't in charge. The famous memo is calling for some very real changes in the way their development teams think. I expect there will be a change in Media Player, but probably not an immediate patch.steve is a great example of the web-rage article. Providing you with more info – that you might not want – isn't stealing data.This feature has actually been available since the Win95 Plus pack, the only new part is that is now also does DVDs. For the truely paranoid, unless you've disabled notification from WindowsUpdate – MS is “stealing your data” in exactly the same way when your browser sends a request to MS to see if there are critical updates.– by Robguy

Privacy Policy(3:52pm EST Thu Feb 21 2002)Thanks Microsoft for that update to the privacy policy. Because nobody reads those things anyway. Does this mean that microsoft can start putting all kinds of tracking software into windows, as long as they put a disclaimer in the never read privacy policy, i can't believe this – by Bob Loblaw

Bollocks(3:57pm EST Thu Feb 21 2002)Yeah right, they don't collect the (very valuable) data for analysis, they just do it for fun… And you have to render your browser useless disabling cookies to stop it from happening. Gimme a break! – by This sucks

Yes they do(3:59pm EST Thu Feb 21 2002)Not everyone reads them, but many people do (there are even watchdog groups that consider it part of their reason for existing) and there have been lots of examples of companies changing their policies after public comment. There are even people that read License agreements – that's how I know that use of Java can “lead directly to death, personal injury, or severe physical or environmental damage”.– by Robguy :)

This is Not New(4:13pm EST Thu Feb 21 2002)I was very surprised when WMP 7.1 tried to connect to Microsoft when I tried to play a music CD in my DVD drive. Zone Alarm caught it and I permanently denied permission. An error is returned by WMP but it still plays.

No one should be without a firewall. Period.– by jgitz

Trust?(4:15pm EST Thu Feb 21 2002)Hah! And they want me to trust them with my data in .NOT / Assport.

Here are the folks to trust…

– by Cool Data

I wonder(4:18pm EST Thu Feb 21 2002)I wonder what would happen if you had your FireWall block all outgoing or incoming traffic from windowsmedia.com(The site that Media Player contacts), if Media Player would still function normaly?

It seems like if your running MS software the only way to really protect your privacy is to block connectivity to any Domains MS owns. – by Chris

solution(4:22pm EST Thu Feb 21 2002)my solution to this lovely problem is i use 3rd party software. so microsoft has no connection to my computer (also i make sure the company i am DLing from has nothing to do with microsoft.) at one point when i had to use microsoft products i would sign offline to use things that microsoft would usually crack into.damn you microsoft – by Spiral

Another day……(4:26pm EST Thu Feb 21 2002)“Users should be in control of how their data is used.”

Substitute the word “Users” with “Microsoft”and “their” with “your” – by yowser

Ahhh stop being so paranoid(5:02pm EST Thu Feb 21 2002)Look,it was designed as a information tool for the user. not a spying gizmo…lmao I have used plenty of programs that use this strategy for collecting CD info to fill in song names, albulm, genre, year and artist before I rip my cds to MP3 man it saves a ton of time instead of having to type all that crap in. Thier just tring to make their products that much more easier for you. hmm ever comtimplate in the future this function could help when you Copy a DVD to DVD or Divx format. Any way I say all they need to do is have a check box to turn on or off the internet function and put it as defualted to off. Hell I agree with jgitz No one should be without a firewall. Period. lol – by NewtronX

I saw this coming(5:27pm EST Thu Feb 21 2002)I never use WMP or MS formats for anything. I know those bastards want to spy on us and trick us into selling our soles to their devil.

I've always wondered what other information they've been able to gather about their users that we don't about. Who knows what little devices are hidden in their code to report back with all kinds of juicy info.

You could already be sold and don't know it, Ya know?

Nobody has the right to know anything about me unless I explicitly allow them that right, especially not some monopolistic company.

– by The Scavenger

viewing privacy(5:46pm EST Thu Feb 21 2002)Your PC is spying on you! And it is difficult to say the 'spying' is unauthorized since you agreed to the 'licensing'. What is going on in the privacy of your whatever is being monitored, in many cases without your explicit consent. Freedom of choice means take it or leave it from MonopolySoft (and many others). We are being hunted in so many different ways in and outside of our personal spheres. The dehumanizing gets worse as our wants, desires, habits, and vulnerabilities become ever more quantified. Which is not to say this hasn't been going on forever (it has). It just seems to be getting worse with so many more people and entities getting in on it with mass scale communications added to the mix.A 'user friendly', stable, 'secure' O/S and add-ons programs that do not dial out without the operator actually doing the dialing would be nice. Something that could 'break glass' and be inexpensive enough to deter pirates would be nice. – by mdj

Firewall, or (6:12pm EST Thu Feb 21 2002)Add the site to your Hosts file or add a false entry on your DNS server. My DNS server has hundreds of false entries for offending sites, and products. Ads.X10.com was the first one. I guess I will just add the microsoft media site to the list. – by etcetera

More reason to switch to Linux.(6:51pm EST Thu Feb 21 2002)I am using mplayer with the DVD libraries and can watch DVD on my linux box. (There is also xine which is able to watch DVD too). It is nice to know that nobody is watching me as I watch my DVD. – by embedded this

Simple… its illegal!(7:24pm EST Thu Feb 21 2002)This is an invasion of privacy, plain and simple. I think there is a great class action lawsuit in this, its the only thing that will keep 100 other companies from doing the same thing in their next release. There are a lot of other companies under less scrutiny than Microsoft, who knows what they could capture??? – by just Dave

PRFunky(2:40pm EST Fri Feb 22 2002)Yes, you are indeed correct laws do NOT apply to corporations, or individuals earning over 150k/yr, for that matter.

Dickens said it best: “The law is fair, in that it is as illegal for a rich man to steal a crust of bread as it is for a starving man”. – by steve

PS PRFunky(2:42pm EST Fri Feb 22 2002)“Grow a brain…” can I borrow a few stem cells? I'm all out… – by steve

“Providing you with more info – that you might not want – isn't…”(2:47pm EST Fri Feb 22 2002)No, but obtaining any information whatever from your computer without your permission, even without your KNOWLEDGE (and in my mind, the “magic number” qualifies) IS.

If you take as much as a single byte of data without my permission you are stealing. Will I care? More than likely, it would depend on the data, who you are, and other factors.

Will I knowingly let any Microsoft employee (except maybe bagomice) into my PC? Not willingly! Can I do anything about it? Short of installing Linux and giving up all my games, no. – by steve

robguy ps(2:51pm EST Fri Feb 22 2002)I did disable windows update. Not that it did much good…

As to the data being sent Microsoft, it appears harmless- but with Microsoft, given their leaders' demonstrated complete lack of honesty, ethics, or any morals whatever, I don't trust them with ANYTHING as far as I could throw their building.

So yes, Gates was entirely correct. To regain my trust (they did once have it) is going to take a monumental effort, and I don't believe they are capable.

Their efforts so far toward that goal are completely laughable. We'll see. – by steve

NewtronX, Microsoft's is the only one that tries to connect without being told, or at least asking. The rest ask, and then go to freedb or cddb, not the mfg's site.

“Even paranoids have enemies”

“If you're not paranoid, you're not paying attention!” – by steve

ssasabjh(3:20pm EST Fri Feb 22 2002)hey 386sx!, join the millenium with the rest of the world :) – by heheeh

Read your E.U.L.A.(4:00pm EST Fri Feb 22 2002)When you click that magical button that says I agree to to terms of this licensing agreement you sell your soul to that company. Its that simple. Dont want to be watched? Develop your own software so no one else has control over your information.

Trust me your credit card company is doing alot worse.

– by Mike Q

steve, SUN?(6:14pm EST Fri Feb 22 2002)oh come on…. Sun has never displayed the nastiness that MS has. They've never broken the law or abused their users so blatantly. I trust Sun. I don't trust MS. Plain and simple.

Albeit, we should always be cautious with any corporation or government entity.– by The Scavenger

That's All Folks(3:49am EST Sat Feb 23 2002)I have finally seen the light. The majority of you people are nuts. WMP is doing nothing more than any other good audio player (like Winamp for example)has been doing for years. When you put a cd in your cdrom and the nice box pops up telling you it is downloading track info what the hell did you think was happening. The same principle applies for this dvd look up feature, the only difference is that it's a dvd and MS made the product. If you don't want it to connect to the internet, then install a firewall and deny it access or go buy a copy of PowerDVD and skip WMP altogether but please stop whining about MS stealing your data (as if anyone could care less how big your dvd porn collection is) or invading your privacy, paranoid freaks. – by jlh

Re: Steven(1:43pm EST Sat Feb 23 2002)“Short of installing Linux and giving up all my games, no.”Look into wine, it does an excellent job of running windows games on linux. If can't configure wine for your favorite game, there are website that how to.

“I don't trust you Sun employees” Well then buy the new linux server (it is open source for the parnoid) that is now being offered by Sun. – by embedded this

Re: jlh(1:48pm EST Sat Feb 23 2002)“WMP is doing nothing more than any other good audio player”WMP sucks as a CD player. On my old pentium box, it uses too much resources to display those useless pictures. My CD player skips very badly. I had to use the old Microsoft CD player. It never skips playing CD music. – by embedded this

“Be points out that PC OEMs are prohibited from selling their PCs with multiple preinstalled Operating Systems. ” ()Simply said, Microsoft was just f*cking the hardware sellers up so they would only sell Microsoft, are that the other OS's (par example BeOS) could only be booted by floppy…

2. Lindows… Microsoft is sueing

Lindows because of the fact their name (Lindows) looks too much like their name (Windows), yeah right…

3. the old MSN privacy stuf

not such a long while ago the MSN rules stated that any stuff going through their network was *their* property, seems unfair to me…

well, coz M$ *gets* and *will* get away of this shit (they are *way* too dominant, and they'll always find the right M$ convert to be judges), why can't they be stealing data from you (well I'm not saying you but all the silly Win-users)?

Re: who cares(9:24pm EST Sat Feb 23 2002)“who cares if MS knows what DVD you're watching?”Ask Pearl's killers how they got caught when they used MS Hotmail. (Not really that private is it?)If you rented the “Pretty Baby” DVD and you get to the part where the 12 year Brook Shields gives you a frontal nudity shot, would you be recorded on MS database as a potential consumer of child porn?– by parnoid of MS

This is spying…(9:36pm EST Sat Feb 23 2002)…and unless you are stupid enough to trust a monster like Microsoft, it has got to be a crime. But then, they didn't ask you did they? The decision makers for this little “feature” needs to spend, oh, about 12 months in a federal prison, with a lot of publicity, to stop this kind of mess.

– by GetOuttaMyMind

You Guys are retarded(7:38am EST Sun Feb 24 2002)1) WMP runs slow because you have the visual display running or your using a slow ass processor WMP runs no slower than winamp when they are set up the same JA.2) Your paranoid MS is only accessing the CD or DVD to give you info of the disc your watching or recording.(their ultimate evil plan really is to get you hooked on their product)3) product activation sure i agree it sucks but they are not trying to spy just stop casual copying.4) Windows is vulnerable than most OS's to VIRUSES. Hay wake up its only so damn vulnerable becuase thats the OS virues writters are targeting becuase thats the one 85% of the world owns. If they targeted Linux(good OS by the way if I do say so my self) then the same thing would be happening to the Linux group. Be glade for now Linux isnt widely used.5) Final note stop being so paranoid – by Think out of the box

Retarded Think out of the box.(11:22am EST Sun Feb 24 2002)“4) Windows is vulnerable than most OS's to VIRUSES. Hay wake up its only so damn vulnerable becuase thats the OS virues writters are targeting becuase thats the one 85% of the world owns”

I removed my contact list from Outlook Express so I won't infect anyone else. Guess what! Everytime I reply to Outlook Express would start adding to my contact list. Same thing when I add a buddy to my buddy list of MSN Messenger. Microsoft makes it easy to be vulnerable to viruses.On Linux, if a virus attacks it would only limit havoc on the user's account. Many Linux users have no standard way of spreading emailing virus to others because they have so many choices of emailer (i.e. netscape, mozilla, kmail, pine, elm). With Microsoft OS, Outlook express comes standard, and with Office, Outlook comes standard.

As for being vulnerable, the code is always examined for buffer overflows.OpenBSD has been examined thoroughly for security problem. Hopefully Linux with its security plan will be as secure as Open BSD.Many of the linux users have other emailers installed but are not configured so they can't email out.

“5) Final note stop being so paranoid “

Even business have a problem with Microsoft .net'We don't understand the business model (.net) we don't know how we or Microsoft will make money on the plan(.net) and we don't necessarily trust Microsoft to be the single repository or host for this model (.net),'

Is Microsoft getting ahead of itself? – by parnoid of MS

Retarded Think out of the box.(1:14pm EST Sun Feb 24 2002)“Be glad for now Linux isnt widely used.”You must be living in a cave. Linux is widely used. According to IDC, 30% of the servers are linux. In the embedded world, Linux is #2, Microsoft is way back in the embedded pack.– by parnoid of MS

FUCK PRIVACY(9:29pm EST Sun Feb 24 2002)If you do not want someone to know waht DVD you are watching then maybe you should not be watching that DVD anyway. Privacy is the problem these days why our society sux and people are homosexual. – by there is no man

you people are nuts(8:45am EST Mon Feb 25 2002)Can you say PARANOIA? What Microsoft is doing is NOTHING compared to other programs and other companies- how about those “file-sharing” programs?Just check out for lots more of what companies are doing with your data. Microsoft is a pussy cat as far as I'm concerned to the unethical practices by these other companies. – by Souldrifter

Privacy AND Security(8:01am EST Tue Feb 26 2002)That's what you get when playing DVDs in Linux.

I upgraded to the Penguin one year ago and have never looked back!

Linux is the future. – by Freedom Ring

uhh you guys suck(1:45am EST Thu Feb 28 2002)Just go into Windows Media Player and disable the feature that says “Allow internet sites to uniquely identify my media player” Once you do that during the lookup of track information no “unqiue” identifier is sent. More FUD. I have to tell you at least this site is consistent total FUD night and day and no info. – by Endo

You think your credit card company doesn't do likewise when you use your card?

It's the 21st century. Everyone knows stuff about you, whether you like it or not.

Get over it. – by Moshster

I have a solution(9:11am EST Thu Apr 24 2003)Under Win2K/XP only. By changing the ACL on the file were WMP store is database (remove rights of everyone), WMP is no more able to use this fonctionnality.

The file is :%ALLUSERSPROFILE%Application DataMicrosoftMedia Indexwmplibrary_v_0_12.db

I only try it with an audio-CD.

The concequences are that you may not be able to store/use any CBDB information any more with WMP.